use of org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO in project carbon-apimgt by wso2.
the class APIProviderImpl method updateSharedScope.
/**
 * Updates a shared scope in every Key Manager registered for the tenant, then applies the same
 * update through the local {@code updateScope(scope, tenantId)}.
 *
 * <p>Per-Key-Manager failures are logged and skipped: a Key Manager that cannot be reached never
 * blocks the remaining Key Managers or the local update.
 *
 * @param sharedScope  the shared scope to update
 * @param tenantDomain the tenant domain that owns the scope
 * @throws APIManagementException if the local update fails
 */
@Override
public void updateSharedScope(Scope sharedScope, String tenantDomain) throws APIManagementException {
    int tenantId = APIUtil.getTenantIdFromTenantDomain(tenantDomain);
    Map<String, KeyManagerDto> keyManagersOfTenant = KeyManagerHolder.getTenantKeyManagers(tenantDomain);
    for (Map.Entry<String, KeyManagerDto> entry : keyManagersOfTenant.entrySet()) {
        KeyManager connector = entry.getValue().getKeyManager();
        if (connector == null) {
            // No connector instance for this Key Manager; nothing to update remotely.
            continue;
        }
        try {
            connector.updateScope(sharedScope);
        } catch (APIManagementException e) {
            // Best effort: log the remote failure and keep going with the other Key Managers.
            log.error("Error while Updating Shared Scope " + sharedScope.getKey() + " from Key Manager "
                    + entry.getKey(), e);
        }
    }
    updateScope(sharedScope, tenantId);
}
use of org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO in project carbon-apimgt by wso2.
the class APIProviderImpl method addLocalScopes.
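/**
 * Registers the API's local scopes (those that are not already shared scopes) in every Key Manager of
 * the organization, then stores them locally via {@code addScopes(scopes, tenantId)}.
 *
 * <p>The scopes to register are derived from the URI templates. A Key Manager that already knows a
 * scope is skipped; a Key Manager that fails is logged and skipped so it does not block the others
 * or the local store.
 *
 * @param apiName      API name
 * @param uriTemplates URI templates whose scopes are registered
 * @param organization organization the API belongs to
 * @throws APIManagementException if the scopes cannot be stored locally
 */
private void addLocalScopes(String apiName, Set<URITemplate> uriTemplates, String organization)
        throws APIManagementException {
    int tenantId = APIUtil.getInternalOrganizationId(organization);
    String tenantDomain = APIUtil.getTenantDomainFromTenantId(tenantId);
    Map<String, KeyManagerDto> tenantKeyManagers = KeyManagerHolder.getTenantKeyManagers(tenantDomain);
    // Local scopes to register are taken from the URI templates (presumably minus shared scopes; see helper).
    Set<Scope> scopesToRegister = getScopesToRegisterFromURITemplates(apiName, organization, uriTemplates);
    for (Scope scope : scopesToRegister) {
        for (Map.Entry<String, KeyManagerDto> keyManagerDtoEntry : tenantKeyManagers.entrySet()) {
            KeyManager keyManager = keyManagerDtoEntry.getValue().getKeyManager();
            if (keyManager == null) {
                // No connector instance for this Key Manager; nothing to register remotely.
                continue;
            }
            String scopeKey = scope.getKey();
            try {
                if (keyManager.isScopeExists(scopeKey)) {
                    if (log.isDebugEnabled()) {
                        log.debug("Scope: " + scopeKey + " already registered in KM. Skipping registering scope.");
                    }
                } else {
                    keyManager.registerScope(scope);
                }
            } catch (APIManagementException e) {
                // Best effort per Key Manager: log and continue. (Message fixed: a space was missing before "in".)
                log.error("Error while registering Scope " + scopeKey + " in Key Manager "
                        + keyManagerDtoEntry.getKey(), e);
            }
        }
    }
    addScopes(scopesToRegister, tenantId);
}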
use of org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO in project carbon-apimgt by wso2.
the class APIAdminImpl method mergeIdpWithKeyManagerConfiguration.
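/**
 * Copies the Key-Manager-relevant parts of an Identity Provider onto a Key Manager configuration:
 * display name, description, enabled flag, alias, certificate (JWKS endpoint or PEM), issuer and
 * claim mappings (as a JSON array of {@code {localClaim, remoteClaim}} objects).
 *
 * <p>Null IdP property arrays, claim configs and claim mapping arrays are treated as empty instead
 * of failing with a {@link NullPointerException}; the {@code CLAIM_MAPPING} property is always set
 * (possibly to an empty array).
 *
 * @param identityProvider the Identity Provider to read from
 * @param keyManagerDTO    the configuration to populate (mutated in place)
 */
private void mergeIdpWithKeyManagerConfiguration(IdentityProvider identityProvider,
                                                 KeyManagerConfigurationDTO keyManagerDTO) {
    keyManagerDTO.setDisplayName(identityProvider.getDisplayName());
    keyManagerDTO.setDescription(identityProvider.getIdentityProviderDescription());
    IdentityProviderProperty[] idpProperties = identityProvider.getIdpProperties();
    if (idpProperties != null && idpProperties.length > 0) {
        for (IdentityProviderProperty property : idpProperties) {
            String propertyName = property.getName();
            if (StringUtils.equals(propertyName, APIConstants.JWKS_URI)) {
                keyManagerDTO.addProperty(APIConstants.KeyManager.CERTIFICATE_TYPE,
                        APIConstants.KeyManager.CERTIFICATE_TYPE_JWKS_ENDPOINT);
                keyManagerDTO.addProperty(APIConstants.KeyManager.CERTIFICATE_VALUE, property.getValue());
            }
            if (StringUtils.equals(propertyName, IdentityApplicationConstants.IDP_ISSUER_NAME)) {
                keyManagerDTO.addProperty(APIConstants.KeyManager.ISSUER, property.getValue());
            }
        }
    } else if (StringUtils.isNotBlank(identityProvider.getCertificate())) {
        // NOTE(review): the PEM certificate is only used when the IdP has no properties at all; an IdP
        // with properties but no JWKS_URI entry gets no certificate. Confirm this is intended.
        keyManagerDTO.addProperty(APIConstants.KeyManager.CERTIFICATE_TYPE,
                APIConstants.KeyManager.CERTIFICATE_TYPE_PEM_FILE);
        keyManagerDTO.addProperty(APIConstants.KeyManager.CERTIFICATE_VALUE, identityProvider.getCertificate());
    }
    keyManagerDTO.setEnabled(identityProvider.isEnable());
    keyManagerDTO.setAlias(identityProvider.getAlias());

    JsonArray claimArray = new JsonArray();
    ClaimConfig claimConfig = identityProvider.getClaimConfig();
    if (claimConfig != null && claimConfig.getClaimMappings() != null) {
        for (ClaimMapping claimMapping : claimConfig.getClaimMappings()) {
            if (claimMapping == null || claimMapping.getLocalClaim() == null
                    || claimMapping.getRemoteClaim() == null) {
                // An incomplete mapping cannot be expressed as a local/remote pair; skip it.
                continue;
            }
            JsonObject claimMappingEntry = new JsonObject();
            claimMappingEntry.addProperty("localClaim", claimMapping.getLocalClaim().getClaimUri());
            claimMappingEntry.addProperty("remoteClaim", claimMapping.getRemoteClaim().getClaimUri());
            claimArray.add(claimMappingEntry);
        }
    }
    keyManagerDTO.addProperty(APIConstants.KeyManager.CLAIM_MAPPING, claimArray);
}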
use of org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO in project carbon-apimgt by wso2.
the class KeyManagerMappingUtil method toKeyManagerConfigurationDTO.
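/**
 * Converts the admin REST {@link KeyManagerDTO} into the core {@link KeyManagerConfigurationDTO}.
 *
 * <p>Each dedicated endpoint field is written to both the {@code endpoints} map and
 * {@code additionalProperties} under its {@code APIConstants.KeyManager} key. Free-form
 * {@code additionalProperties} sent in the request are copied first, so the dedicated fields
 * handled afterwards take precedence when both carry the same key. Entries from
 * {@code getEndpoints()} are applied last and therefore override endpoint values derived from the
 * dedicated fields.
 *
 * @param tenantDomain  the organization (tenant domain) the configuration belongs to
 * @param keyManagerDTO the REST-layer DTO to convert; must not be {@code null}
 * @return the populated core configuration DTO
 */
public static KeyManagerConfigurationDTO toKeyManagerConfigurationDTO(String tenantDomain,
                                                                      KeyManagerDTO keyManagerDTO) {
    KeyManagerConfigurationDTO configuration = new KeyManagerConfigurationDTO();
    Map<String, String> endpoints = new HashMap<>();
    Map<String, Object> additionalProperties = new HashMap<>();

    configuration.setName(keyManagerDTO.getName());
    configuration.setDisplayName(keyManagerDTO.getDisplayName());
    configuration.setDescription(keyManagerDTO.getDescription());
    configuration.setEnabled(keyManagerDTO.isEnabled());
    configuration.setType(keyManagerDTO.getType());
    configuration.setOrganization(tenantDomain);
    // NOTE(review): a request body without tokenType fails here with an NPE (unchanged behaviour);
    // confirm the REST layer validates the field before this mapping is reached.
    configuration.setTokenType(keyManagerDTO.getTokenType().toString());
    configuration.setAlias(keyManagerDTO.getAlias());

    Object requestProperties = keyManagerDTO.getAdditionalProperties();
    if (requestProperties instanceof Map) {
        // Copied first so that the dedicated fields below win over same-named request properties.
        @SuppressWarnings("unchecked") // request JSON object: keys are strings, values arbitrary
        Map<String, Object> extra = (Map<String, Object>) requestProperties;
        additionalProperties.putAll(extra);
    }

    putEndpoint(additionalProperties, endpoints, APIConstants.KeyManager.CLIENT_REGISTRATION_ENDPOINT,
            keyManagerDTO.getClientRegistrationEndpoint());
    putEndpoint(additionalProperties, endpoints, APIConstants.KeyManager.INTROSPECTION_ENDPOINT,
            keyManagerDTO.getIntrospectionEndpoint());
    putEndpoint(additionalProperties, endpoints, APIConstants.KeyManager.TOKEN_ENDPOINT,
            keyManagerDTO.getTokenEndpoint());
    putEndpoint(additionalProperties, endpoints, APIConstants.KeyManager.DISPLAY_TOKEN_ENDPOINT,
            keyManagerDTO.getDisplayTokenEndpoint());
    putEndpoint(additionalProperties, endpoints, APIConstants.KeyManager.REVOKE_ENDPOINT,
            keyManagerDTO.getRevokeEndpoint());
    putEndpoint(additionalProperties, endpoints, APIConstants.KeyManager.DISPLAY_REVOKE_ENDPOINT,
            keyManagerDTO.getDisplayRevokeEndpoint());
    putEndpoint(additionalProperties, endpoints, APIConstants.KeyManager.SCOPE_MANAGEMENT_ENDPOINT,
            keyManagerDTO.getScopeManagementEndpoint());

    if (keyManagerDTO.getAvailableGrantTypes() != null) {
        additionalProperties.put(APIConstants.KeyManager.AVAILABLE_GRANT_TYPE, keyManagerDTO.getAvailableGrantTypes());
    }
    putIfNotEmpty(additionalProperties, APIConstants.KeyManager.ISSUER, keyManagerDTO.getIssuer());

    KeyManagerCertificatesDTO certificates = keyManagerDTO.getCertificates();
    if (certificates != null) {
        additionalProperties.put(APIConstants.KeyManager.CERTIFICATE_VALUE, certificates.getValue());
        if (KeyManagerCertificatesDTO.TypeEnum.JWKS.equals(certificates.getType())) {
            additionalProperties.put(APIConstants.KeyManager.CERTIFICATE_TYPE,
                    APIConstants.KeyManager.CERTIFICATE_TYPE_JWKS_ENDPOINT);
        } else if (KeyManagerCertificatesDTO.TypeEnum.PEM.equals(certificates.getType())) {
            additionalProperties.put(APIConstants.KeyManager.CERTIFICATE_TYPE,
                    APIConstants.KeyManager.CERTIFICATE_TYPE_PEM_FILE);
        }
    }

    putEndpoint(additionalProperties, endpoints, APIConstants.KeyManager.USERINFO_ENDPOINT,
            keyManagerDTO.getUserInfoEndpoint());
    putEndpoint(additionalProperties, endpoints, APIConstants.KeyManager.AUTHORIZE_ENDPOINT,
            keyManagerDTO.getAuthorizeEndpoint());
    // The well-known endpoint is recorded as a property only, not as an endpoint entry.
    putIfNotEmpty(additionalProperties, APIConstants.KeyManager.WELL_KNOWN_ENDPOINT,
            keyManagerDTO.getWellKnownEndpoint());

    if (keyManagerDTO.getEndpoints() != null) {
        for (KeyManagerEndpointDTO endpoint : keyManagerDTO.getEndpoints()) {
            // Applied last: explicit endpoint entries override values derived from the dedicated fields.
            endpoints.put(endpoint.getName(), endpoint.getValue());
        }
    }
    configuration.setEndpoints(endpoints);

    additionalProperties.put(APIConstants.KeyManager.ENABLE_OAUTH_APP_CREATION, keyManagerDTO.isEnableOAuthAppCreation());
    additionalProperties.put(APIConstants.KeyManager.ENABLE_MAP_OAUTH_CONSUMER_APPS, keyManagerDTO.isEnableMapOAuthConsumerApps());
    additionalProperties.put(APIConstants.KeyManager.ENABLE_TOKEN_GENERATION, keyManagerDTO.isEnableTokenGeneration());
    additionalProperties.put(APIConstants.KeyManager.ENABLE_TOKEN_HASH, keyManagerDTO.isEnableTokenHashing());
    additionalProperties.put(APIConstants.KeyManager.ENABLE_TOKEN_ENCRYPTION, keyManagerDTO.isEnableTokenEncryption());
    additionalProperties.put(APIConstants.KeyManager.SELF_VALIDATE_JWT, keyManagerDTO.isEnableSelfValidationJWT());

    Gson gson = new Gson();
    List<TokenValidationDTO> tokenValidation = keyManagerDTO.getTokenValidation();
    if (tokenValidation != null && !tokenValidation.isEmpty()) {
        // Stored as a JSON string, whereas claim mapping below is stored as a JSON tree.
        additionalProperties.put(APIConstants.KeyManager.TOKEN_FORMAT_STRING, gson.toJson(tokenValidation));
    }
    List<ClaimMappingEntryDTO> claimMapping = keyManagerDTO.getClaimMapping();
    if (claimMapping != null) {
        additionalProperties.put(APIConstants.KeyManager.CLAIM_MAPPING, gson.toJsonTree(claimMapping));
    }
    putIfNotEmpty(additionalProperties, APIConstants.KeyManager.CONSUMER_KEY_CLAIM, keyManagerDTO.getConsumerKeyClaim());
    putIfNotEmpty(additionalProperties, APIConstants.KeyManager.SCOPES_CLAIM, keyManagerDTO.getScopesClaim());

    configuration.setAdditionalProperties(additionalProperties);
    return configuration;
}

/**
 * Records a dedicated endpoint value under {@code key} in both maps when it is non-empty.
 *
 * @param additionalProperties property map receiving the value
 * @param endpoints            endpoint map receiving the value
 * @param key                  the {@code APIConstants.KeyManager} key to store under
 * @param value                endpoint value; ignored when {@code null} or empty
 */
private static void putEndpoint(Map<String, Object> additionalProperties, Map<String, String> endpoints,
                                String key, String value) {
    if (StringUtils.isNotEmpty(value)) {
        additionalProperties.put(key, value);
        endpoints.put(key, value);
    }
}

/**
 * Records {@code value} under {@code key} in the property map when it is non-empty.
 *
 * @param additionalProperties property map receiving the value
 * @param key                  the {@code APIConstants.KeyManager} key to store under
 * @param value                value; ignored when {@code null} or empty
 */
private static void putIfNotEmpty(Map<String, Object> additionalProperties, String key, String value) {
    if (StringUtils.isNotEmpty(value)) {
        additionalProperties.put(key, value);
    }
}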
use of org.wso2.carbon.apimgt.rest.api.admin.v1.dto.KeyManagerDTO in project carbon-apimgt by wso2.
the class KeyManagersApiServiceImpl method keyManagersPost.
/**
 * Creates a Key Manager configuration in the caller's organization.
 *
 * <p>The request body is mapped to a core configuration, persisted through {@link APIAdmin},
 * written to the audit log, and returned as {@code 201 Created} with a {@code Location} header
 * pointing at the new resource.
 *
 * @param body           the Key Manager to create
 * @param messageContext the request context used to resolve the organization and caller
 * @return {@code 201 Created} carrying the created Key Manager as its entity
 * @throws APIManagementException if persisting fails, or with {@code INTERNAL_ERROR} if the
 *                                {@code Location} URI cannot be built
 */
public Response keyManagersPost(KeyManagerDTO body, MessageContext messageContext) throws APIManagementException {
    String organization = RestApiUtil.getOrganization(messageContext);
    APIAdmin admin = new APIAdminImpl();
    KeyManagerConfigurationDTO requested = KeyManagerMappingUtil.toKeyManagerConfigurationDTO(organization, body);
    KeyManagerConfigurationDTO created = admin.addKeyManagerConfiguration(requested);
    // NOTE(review): the audit entry serialises the entire requested configuration, including
    // additionalProperties; confirm that connector credentials cannot end up in the audit log this way.
    APIUtil.logAuditMessage(APIConstants.AuditLogConstants.KEY_MANAGER, new Gson().toJson(requested),
            APIConstants.AuditLogConstants.CREATED, RestApiCommonUtil.getLoggedInUsername());
    URI location;
    try {
        location = new URI(RestApiConstants.KEY_MANAGERS + "/" + created.getUuid());
    } catch (URISyntaxException e) {
        // Only the Location URI construction can raise this; surface it as an internal error.
        throw new APIManagementException(
                "Error while Creating Key Manager configuration in organization " + organization, e,
                ExceptionCodes.INTERNAL_ERROR);
    }
    return Response.created(location).entity(KeyManagerMappingUtil.toKeyManagerDTO(created)).build();
}